Zombie ‘hack’ attack has serious undertone

February 15, 2013

It would be easy to laugh off Monday's hacking attack - which delivered a message about a zombie apocalypse to TV watchers on several stations in the Upper Peninsula and Montana - as a harmless joke. But it's not funny.

The message may have been ludicrous, but these computer intrusions into local television station Emergency Alert Systems could have scary implications for our increasingly wired future.

WNMU-TV13 and WBUP ABC10 were local victims of hacking incidents Monday in which audio messages and a crawl strip were broadcast by someone who gained access to the system designed to inform the public of real emergencies. The messages warned people to not approach zombies rising from their graves and "attacking the living." The Associated Press is reporting a Montana television station's programming also was interrupted by news of a zombie apocalypse.

The Michigan Association of Broadcasters, the Michigan State Police, Marquette Police Department, the Federal Bureau of Investigation and the Federal Communication Commission are all involved in an ongoing probe of the hoax.

So why should anyone be concerned by what was obviously a prank?

First, consider that broadcast officials said this was the first time since the Emergency Alert System was constructed - back in the 1940s - that something like this has happened. And it happened only about a year after the system transitioned from a telephone-based to an Internet-based system. The sytem is, no doubt, easier to use now and perhaps more reliable, but it's also hackable.

The most frightening aspect of the attack is that hackers who gain access to the EAS could broadcast any message they wanted.

Maybe this was a joke. Or maybe it was a proof-of-concept exploit aimed at rural stations with the idea of keeping the media profile low. This time it was a zombie spoof; next time it could be a fake warning about a terror attack or a natural disaster. This time it was aimed at sparsely populated coverage areas; next time it could be aimed at a major metro area.

We shouldn't be complacent about the security of the EAS system. The potential to spread panic and misinformation is a legitimate concern. Also, consider the corrosive effect of the loss of public confidence in information coming over the EAS. Perhaps people will ignore the next real message about a real emergency.

Officials from one of the hacked TV stations said Tuesday morning they believed they'd located the source of the attack at an overseas Internet address. And they said they'd closed the "hole in the system."

We hope this is the case, but we're not confident that anyone can guarantee the system won't be compromised again - not unless there's a serious security review and upgrade of the EAS system. We hope that's happening now.